FB pixel

What is China’s new data privacy law hoping to achieve?

Categories Biometrics News
What is China’s new data privacy law hoping to achieve?
 

The first of November marked the beginning of an apparent regulatory crackdown on data privacy violations in China, as the country’s first comprehensive privacy law (the Personal Information Protection Law) came into effect, leading to a surging demand for data protection specialists and seeing major corporations departing.

The new law, which has been compared to Europe’s GDPR by non-for-profit international privacy community IAPP (International Association of Privacy Professionals), will not only see an increase in data security, sovereignty and personal information rights, but will reshape how companies in China do business, the organization writes.

“When you look at PIPL, it is really focusing on protecting individuals, society, and national security—because of the unique Chinese political system,” says Alexa Lee, a senior manager of policy at the Information Technology Industry Council and an associate editor of Stanford University’s DigiChina project, which has been translating the PIPL into English.

The law aims to enhance cybersecurity along with complementing the country’s national security interests; therefore, companies wanting to share data outside of China must also now go through a national security review. This also goes for companies holding data on more than a million people (to send abroad), likewise for any reasonable-sized company operating in and out of China.

“If European data protection laws are grounded in fundamental rights and U.S. privacy laws are grounded in consumer protection, Chinese privacy law is closely aligned with, and I would even say grounded in, national security,” says Omer Tene, a partner specializing in data, privacy, and cybersecurity at law firm Goodwin. Reviews may​​ include laying out why data is being transferred out of China, the types of information being sent, and the risks of doing so.

Employing a data protection officer for companies is mandatory, and if PIPL laws are breached, applicable fines can be up to $7.8 million or 5 percent of a firm’s annual revenue—roughly equivalent to GDPR’s $23 million and 4 percent thresholds.

This said, government access of citizens’ personal data will not be affected by PIPL. Chinese citizens will remain under some form of surveillance, says Wired. Government use of digital surveillance is a “take it or take it” proposition. There is no significant government consideration about how citizens feel about the blanket biometric surveillance throughout the nation. Last month however saw reports that China has approved its first AI industry ethics guidelines, which if grounded in the law could surpass the West in establishing governance rules.

Wired highlights PIPL’s potential for influence on neighboring countries which are still developing their own data protection policies, DigiChina’s Lee is concerned that other Asian countries may follow suit using data localization measures, which are already being seen in draft laws in India and Vietnam.

While IAPP compares the key types of personal information rights under the GDPR and the PIPL such as the right to erasure, right to data portability and right not to be subject to automated decision making, it remains uncertain how such rights under PIPL might be interpreted in practice and what effects PIPL will have on Chinese citizens.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics a consistent base for varied fraud protection stacks

Biometrics for fraud protection have become a critical piece of the online world, minting billion-dollar companies, but one of the…

 

Govt should collaborate with private sector on DUA Bill: Experts

The UK is debating its new Data (Use and Access) Bill, a legislation that is supposed to pave the way…

 

Managing the risks of a digital public infrastructure in the United States

Establishing a national Digital Public Infrastructure (DPI) in the United States could serve as the backbone for a modern societal-scale…

 

Smile ID rides Nigeria’s surge in biometric verifications to 200M milestone

Smile ID has completed 200 million identity verification checks across the African continent, after celebrating 150 million checks in June….

 

Securing privacy and civil liberties in the age of cybersecurity reform

A new report that outlines a roadmap to fortify the United States’ defenses against cyber threats also highlights the delicate…

 

CDPI and GEALC sign LOI to boost DPI in LATAM, Caribbean

Work to advance the development and implementation of Digital Public Infrastructure (DPI) in  Latin America and the Caribbean region is…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events